Web applications have become the most popular medium on the Internet. Their popularity and the ease of use of web
application frameworks, together with careless development, result in a high number of vulnerabilities and attacks.
Several types of attack are possible because of improper input validation. SQL injection is the ability to execute
arbitrary SQL queries in a database through an existing application. Cross-site scripting is a vulnerability that allows
malicious web users to inject code into web pages viewed by other users. Cross-Site Request Forgery (CSRF) is an attack
that tricks the victim into loading a page that contains a malicious request. Web spam in blogs is a further problem.
Several techniques mitigate these attacks. The most important are strong web application design, correct input
validation, defined data types for each field, and parameterized statements in SQL queries. Server hardening with a
firewall, modern security policy systems and a safe configuration of the web framework interpreter are essential. On the
client side, it is advisable to maintain a proper security level, keep software updated and install personal web
firewalls or IDS/IPS systems. Good habits include logging out of services as soon as work is finished and even using a
separate web browser for the most important sites, such as e-banking.
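
The mitigations named above (a defined data type for each field, input validation, and parameterized statements) are shown here beside the string-concatenated query they replace. This is an added example, not code from the original text; the `accounts` table, its rows, the field rules and all function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)])
    return db

# One defined type per field: a pattern the raw string must match in full,
# and the Python type it is converted to before it reaches the database.
FIELD_TYPES = {
    "id": (re.compile(r"[0-9]{1,9}"), int),
    "owner": (re.compile(r"[a-z]{1,32}"), str),
}

def validate(field, raw):
    """Return the typed value, or raise ValueError if the input does not fit the field."""
    pattern, convert = FIELD_TYPES[field]
    if not isinstance(raw, str) or not pattern.fullmatch(raw):
        raise ValueError(f"invalid value for field {field!r}")
    return convert(raw)

def owners_concatenated(db, raw_id):
    # Weak form: the input becomes part of the SQL text and can change the query.
    return db.execute("SELECT owner FROM accounts WHERE id = " + raw_id).fetchall()

def owners_parameterized(db, raw_id):
    # Corrected form: typed validation first, then a bound parameter.
    account_id = validate("id", raw_id)
    return db.execute("SELECT owner FROM accounts WHERE id = ?", (account_id,)).fetchall()

def balance_bound_only(db, raw_owner):
    # Binding alone already keeps the input as data, even without validation.
    return db.execute("SELECT balance FROM accounts WHERE owner = ?", (raw_owner,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", owners_concatenated(db, "1 OR 1=1"))
    print("parameterized:", owners_parameterized(db, "1"))
    try:
        owners_parameterized(db, "1 OR 1=1")
    except ValueError as err:
        print("rejected     :", err)
    print("bound only   :", balance_bound_only(db, "alice' OR '1'='1"))
```

Validation and binding are independent layers: the validator rejects malformed input before any query runs, and the bound parameter keeps whatever does arrive out of the SQL text.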